This repository contains the Dockerfile for the `malice/fprot` image, published as a Docker trusted (automated) build on the public Docker Hub.

- Install Docker.
- Pull the trusted build from the public Docker Hub:

```bash
docker pull malice/fprot
```

Check that the plugin works by scanning the EICAR test file:

```bash
docker run --rm malice/fprot EICAR
```

To scan your own sample, mount the directory that holds it read-only at `/malware` (so neither the scanner nor the sample can alter the evidence) and pass the file name:

```bash
$ docker run --rm -v /path/to/malware:/malware:ro malice/fprot FILE
```
```
Usage: fprot [OPTIONS] COMMAND [arg...]

Malice F-PROT AntiVirus Plugin

Version: v0.1.0, BuildTime: 20160214

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --table, -t            output as Markdown table
  --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --elasitcsearch value  elasitcsearch address for Malice to store results [$MALICE_ELASTICSEARCH]
  --help, -h             show help
  --version, -v          print the version

Commands:
  update  Update virus definitions
  help    Shows a list of commands or help for one command

Run 'fprot COMMAND --help' for more information on a command.
```
A scan writes its result to stdout as JSON and, when run with `--post`, also POSTs it to the Malice results API webhook endpoint given by `$MALICE_ENDPOINT`. Note the `updated` field: it is the date the virus definitions were fetched, which for a freshly pulled image is the build date, not the scan date.

```json
{
  "f-prot": {
    "infected": true,
    "result": "EICAR_Test_File (exact)",
    "engine": "4.6.5.141",
    "updated": "20160213"
  }
}
```
With `--table` (`-t`) the same result is rendered as a Markdown table:

Infected | Result | Engine | Updated |
---|---|---|---|
true | EICAR_Test_File (exact) | 4.6.5.141 | 20160213 |
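The following script is an added example of consuming the plugin from code; it is not part of the malice/fprot project. It runs the container per file exactly as the README invocation does (read-only mount at `/malware`), parses the JSON shown above, and flags stale definitions from the `updated` field, since a clean verdict from old signatures is weak evidence. The seven-day threshold, the `scan_dir`/`to_markdown` helpers and the embedded `SAMPLE_OUTPUT` (constructed to match the EICAR result above) are assumptions of this example.

```python
"""Drive the malice/fprot container and consume its JSON output.

Added example, not project code. Assumes the malice/fprot image is pulled
locally and that a scan prints the JSON shape documented in the README.
"""
import json
import subprocess
import sys
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Optional

IMAGE = "malice/fprot"   # image name used throughout the README
MAX_DEF_AGE_DAYS = 7     # assumption: definitions older than a week are "stale"

# Constructed sample: the JSON the README shows for an EICAR scan.
SAMPLE_OUTPUT = (
    '{"f-prot": {"infected": true, "result": "EICAR_Test_File (exact)", '
    '"engine": "4.6.5.141", "updated": "20160213"}}'
)


def parse_result(raw: str, today: Optional[str] = None) -> Dict[str, object]:
    """Flatten one fprot JSON result and flag stale definitions.

    `updated` is the YYYYMMDD date the signatures were fetched (at image
    build time, or at the last `update`), so age it against `today`
    (YYYYMMDD, defaults to the current date) rather than trusting a clean
    verdict from old definitions.
    """
    res = json.loads(raw)["f-prot"]
    updated = datetime.strptime(res["updated"], "%Y%m%d")
    now = datetime.strptime(today, "%Y%m%d") if today else datetime.now()
    age_days = (now - updated).days
    return {
        "infected": bool(res.get("infected", False)),
        "result": res.get("result", ""),
        "engine": res["engine"],
        "updated": res["updated"],
        "definitions_stale": age_days > MAX_DEF_AGE_DAYS,
    }


def scan_file(path: Path, image: str = IMAGE) -> Dict[str, object]:
    """Scan one file with the plugin container and parse its stdout.

    The parent directory is mounted read-only at /malware, as in the README,
    so the scanner (and anything inside the sample) cannot alter the evidence.
    """
    path = path.resolve()
    cmd = ["docker", "run", "--rm",
           "-v", f"{path.parent}:/malware:ro",
           image, path.name]
    proc = subprocess.run(cmd, check=True, capture_output=True, text=True)
    rec = parse_result(proc.stdout)
    rec["file"] = path.name
    return rec


def scan_dir(directory: Path, image: str = IMAGE) -> List[Dict[str, object]]:
    """Scan every regular file in a directory, one container run per file."""
    return [scan_file(p, image) for p in sorted(directory.iterdir()) if p.is_file()]


def to_markdown(records: List[Dict[str, object]]) -> str:
    """Render records in the table layout the plugin's -t flag uses, plus a File column."""
    lines = ["File | Infected | Result | Engine | Updated |",
             "---|---|---|---|---|"]
    for r in records:
        lines.append(f"{r.get('file', '')} | {str(r['infected']).lower()} | "
                     f"{r['result']} | {r['engine']} | {r['updated']} |")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python fprot_scan.py /path/to/malware   (no argument: parse the sample)
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    recs = scan_dir(target) if target else [parse_result(SAMPLE_OUTPUT)]
    print(to_markdown(recs))
    if any(r["definitions_stale"] for r in recs):
        print("warning: F-PROT definitions are stale; run `update` and re-scan",
              file=sys.stderr)
    sys.exit(1 if any(r["infected"] for r in recs) else 0)
```

The exit status makes the script usable as a gate in a pipeline, and the stale-definitions warning is the check most worth keeping: the engine version and signature date come back with every result, so there is no reason to let an out-of-date image report "clean" silently.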
To write results to Elasticsearch, start an Elasticsearch container and link the plugin to it:

```bash
$ docker volume create --name malice
$ docker run -d -p 9200:9200 -v malice:/data --name elastic elasticsearch
$ docker run --rm -v /path/to/malware:/malware:ro --link elastic malice/fprot -t FILE
```

Be aware that `-p 9200:9200` publishes an Elasticsearch instance with no authentication on every interface of the host. On anything other than a throwaway lab machine, bind it to loopback (`-p 127.0.0.1:9200:9200`) or omit `-p` altogether: the linked plugin container reaches `elastic` over the Docker network without a published port. `--link` is also a legacy Docker feature; a user-defined network gives the same name resolution.
The virus definitions live inside the image, so a freshly pulled `malice/fprot` scans with whatever signatures were current when it was built (the `updated` date in the output). To refresh them, run the `update` command in a named container:

```bash
$ docker run --name=fprot malice/fprot update
```

Then snapshot that container as a new image and use it for scanning:

```bash
$ docker commit fprot malice/fprot:updated
$ docker rm fprot # clean up updated container
$ docker run --rm malice/fprot:updated EICAR
```

The `updated` field of the next scan should now show the current date. Since `malice/fprot:updated` is only as fresh as the last time you ran this, consider tagging the committed image with the date so the tag and the `updated` field agree.
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
MIT Copyright (c) 2016 blacktop